Vulnerability Development mailing list archives
Re: Administrivia #4883/flowpoints
From: marc () MUCOM CO IL (Marc Esipovich)
Date: Fri, 14 Jan 2000 08:28:59 -0200
depending on the version OS your flowpoint runs, you can limit what ip's can telnet in using the filter command. if you apply that feature correctly, you effectively prohibit brute forcing the router pw. treat it like cisco's access-list's retarded little brother and you wont be too disapointed.Well, adding a short delay in the code which authenticates the password would make brute-force pretty painful and time-consuming.true.. adding a 5 second delay might make it take longer but the attack
5 seconds? that's far too long than necessary.
might well still go undetected unless one is in the habit of checking the system history on the router,
Do you know someone who cares about security but fails to check his audit logs?
and i doubt the vast majority of flowpoint owners do this.
Obviously their problem.
ultimately, delay code might turn a 1 day hack into a 1 week hack,
1 week? over a 300msec round-trip line and a strong password which is not taken from a dictionary? we're talking years.
but it probably wont stop someone dedicated from getting in. id say the most efficient solution is the filter still.
Filters are always important, and yes, they come first, but would you filter against an intruder from the inside? Besides, a dedicated intruder doesn't waste his time with attempts to find the correct password, there are by far more efficient ways of "doing it". Marc Esipovich.
Current thread:
- Re: Administrivia #4883 (fwd) jason storm (Jan 13)
- Re: Administrivia #4883 (fwd) Marc Esipovich (Jan 13)
- Re: Administrivia #4883/flowpoints jason storm (Jan 14)
- Re: Administrivia #4883/flowpoints Marc Esipovich (Jan 14)
- Re: Administrivia #4883/flowpoints jason storm (Jan 14)
- Re: Administrivia #4883 (fwd) Marc Esipovich (Jan 13)